National accreditation body

Alias, roles and other appearances in the regulations

- Certification body - Controller - Controller in the EU - Joint Controller - Legal person - Persons having a legitimate interest - Processor - Processor in the EU - Recipient - Representative of the Controller - Representative of the Processor - Third party -

Export regulations to pdf

Obligations

Regulation name
Principle of lawfulness, fairness and transparency (In role Controller) (In role Processor)
Purpose limitation principle (In role Controller) (In role Processor)
Data minimization principle (In role Controller) (In role Processor)
Principle of accuracy (In role Controller) (In role Processor)
Storage limitation principle (In role Controller) (In role Processor)
Principle of integrity and confidentiality (In role Controller) (In role Processor)
Principle of accountability (In role Controller)
Processing for a purpose other than that for which the personal data have been collected originally (In role Controller)
Obligation to demonstrate the consent for processing the personal data (In role Controller)
Obligations of the controller on context of the child when processing the personal data (In role Controller)
Prohibition of processing the special categories of personal data (In role Controller) (In role Processor)
Reasons for derogating the exercise of the Articles 15 – 20 (In role Controller)
Measures of the controller in terms of providing the information to data subjects (In role Controller)
Facilitating the data subject rights (In role Controller)
Providing the information on action taken on a request under Articles 15 to 22 to the data subject (In role Controller)
Obligations of the controller in case when the data subject request is unadopted (In role Controller)
Information provided to the data subject when personal data has been acquired from a data subject (In role Controller)
Additional information provided to the data subject when personal data has been acquired from a data subject (In role Controller)
Information provided to the data subject when controller intends to further process the personal data for a purpose other than that for which the personal data were collected (In role Controller)
Information provided where personal data have not been obtained from the data subject (In role Controller)
Some additional information provided where personal data have not been obtained from the data subject (In role Controller)
Principles of providing the information in terms of the Article 14, paragraph 1 and 2 of the regulation (In role Controller)
Providing the information where the controller intends to process the personal data for a purpose other than that for which the personal data were obtained (In role Controller)
Obligation to provide a copy of the personal data which are being processed (In role Controller)
Obligations of the controller after the right to be forgotten has been applied (In role Controller)
Information duty of the controller in context of the personal data processing limitation (In role Controller)
Information obligation of the controller towards the recipients (In role Controller)
Right of the data subject to object the processing of personal data (In role Controller)
Prohibition of the personal data processing after the Article 21, paragraph 2 has been applied (In role Controller)
Obligation of the controller to inform the data subject about the to object (In role Controller)
Proceedings of the controller in case of the Article 22, paragraph 2, points a) – c) application (In role Controller)
Responsibilities of the controller relating to the personal data processing (In role Controller)
Implementation of an appropriate data protection policies by the controller (In role Controller)
Implementation of the appropriate technical and organisational measures (In role Controller)
Processing of the personal data “by default” (In role Controller)
Personal data processing by the joint controllers (In role Controller) (In role Joint Controller)
Respective roles and relationships of the joint controllers vis-à-vis the data subjects (In role Controller) (In role Joint Controller)
Designating the place of activity of the controller, that is settled outside the EU (Delegated Representative of the Controller)
Guaranties of the processor for implementing the adequate protective measurements (In role Controller)
Conditions for engaging the other processor to the data processing (In role Processor)
Designation of the identical scope of the responsibilities for the other processor (In role Processor)
Contract or any other legal document in terms of the Article 28, paragraphs 3 and 4 (In role Controller) (In role Processor)
Consequences of misconducting the purposes and instruments in the process of personal data processing by the processor (In role Processor)
Obligation of the processor to comply with the instructions of the controller (In role Processor)
Mandatory scope of the processing activities record (In role Controller) (Delegated Representative of the Controller)
A record of all the processing activities categories, that are carried on behalf of a controller (In role Processor) (Delegated Representative of the Processor)
Form of the records according to Article 30, paragraphs 1 and 2 (In role Controller) (In role Processor)
Making the records available to the supervisory authority if needed (In role Controller) (In role Processor) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Cooperation with the supervisory authority (In role Controller) (In role Processor) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Implementation of the appropriate technical and organisational measures (In role Controller) (In role Processor)
Ensuring the activities compliance of any natural person, acting under the authority of controller or processor (In role Controller) (In role Processor)
Period for declaring the personal data breach (In role Controller)
Notification the data breach to the controller (In role Processor)
The minimal content of the personal data breach notification (In role Controller)
Documentary measures relating to the personal data breach (In role Controller)
Communication the personal data breach to the data subject (In role Controller)
Personal data processing that require the DPIA – general provision (In role Controller)
Cooperation between the controller and data protection officer (In role Controller)
Gathering the opinions of data subjects or their representatives (In role Controller)
Situation where the DPIA might be necessary (In role Controller)
Situations that require the prior consultations with the supervisory authority (In role Controller)
Information provided for the supervisory authority by the controller (In role Controller)
Compulsory designation of the data protection officer (DPO) (In role Controller) (In role Processor)
Publishing the data of the designated data protection officer (In role Controller) (In role Processor)
Responsibility of the controller and processor in context of the Data protection officer (In role Controller) (In role Processor)
Providing the support for the data protection officer (In role Controller) (In role Processor)
Organizational status of the Data protection officer (In role Controller) (In role Processor)
The Data protection officer and it´s other tasks and duties (In role Controller) (In role Processor)
Common certification and the European Data Protection Seal (In role Certification body)
Providing the information and access, that are essential for the certification procedure (In role Controller) (In role Processor)
Issuing the certification (In role Certification body)
Validity of the accreditation and it´s prolongation (In role Certification body)
Information obligation of the certification subjects (In role Certification body)
Revocation of the accreditation
Documentation of the assessment and suitable safeguards (In role Controller) (In role Processor)
Obligations of the controller (or processor) after the decision has been published (In role Controller) (In role Processor)
Joint liability in context of the personal data processing (In role Controller) (In role Processor)
Appropriate safeguards related to the rights and freedoms of the data subject (In role Controller) (In role Processor)

Indirect obligations

Regulation name
Right of the data subject to obtain a confirmation of the personal data processing from the controller (In role Controller)
Right to be informed of appropriate safeguards pursuant to Article 46 relating to the transfer (In role Controller)
Right to rectification (In role Controller)
Reason for eligibility of the data subject to exercise the right to be forgotten (In role Controller)
Restraining the personal data processing (In role Controller)
Right of the data subject to personal data portability (In role Controller)
Portability of the personal data from one controller to another controller (In role Controller)
Right of the data subject to object the processing of personal data (In role Controller)
Right of the data subject to object the personal data processing related to the marketing purposes (In role Controller)
Right to object the personal data processing for the purposes of the scientific, historical or statistical reasons (In role Controller)
Right not to be subject to a decision based solely on the automated processing (In role Controller)
Exercising the rights of the data subject against each of the controllers (In role Controller)
Competencies of the supervisory authority, in relation to the personal data breach notification (In role Controller)
Investigative powers of the supervisory authority (In role Controller) (In role Processor) (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Corrective powers of the supervisory authority (In role Controller) (In role Processor)
Compensation for the material or non-material damage as a result of an infringement of this Regulation (In role Controller) (In role Processor)
Special provisions in context of the responsibility for the damage in terms of the Article 82, paragraph 1 (In role Controller) (In role Processor)
Compensation for the damage suffered (In role Controller) (In role Processor)

Rights

Regulation name
Exemption from the obligation to maintain, acquire or process additional information in order to identify the data subject (In role Controller)
Rights of the controller in case of the inappropriate requests from the data subject (In role Controller)
Additional information claims from the controller (In role Controller)
Possibilities of declaring the obligations fulfilment (In role Controller)
Approved certification mechanism pursuant to Article 42 (In role Controller)
Conditions for engaging the other processor to the data processing (In role Controller)
Certification mechanism as referred to in Article 42 (In role Processor)
Adherence to an approved code of conduct as referred to in Article 40 (In role Controller) (In role Processor)
Additional information relating to the personal data breach notification (In role Controller) (In role Processor)
Situation where the notification obligation shall not apply (In role Controller)
Optional designation of the Data protection officer (In role Controller) (In role Processor)
Personal data transfer in case of the absence of the decision based on the Article 45(3) (In role Controller) (In role Processor)
Right to an effective judicial remedy against a supervisory authority (In role Legal person)
Compensation for the damage suffered (In role Controller) (In role Processor)

Indirect rights

Regulation name
Information obligation of the controller towards the recipients (In role Recipient)
Notification the data breach to the controller (In role Controller)
List of processing operations which require an obligatory data protection impact assessment (In role Controller) (In role Processor)
Competency of the supervisory authority in case of the specific situations (In role Controller) (In role Processor)
Responsibility of the data protection officer (In role Controller) (In role Processor)
Support in working out the codes of conduct (In role Controller) (In role Processor)
Providing the information and access, that are essential for the certification procedure (In role Certification body)
The notification obligation of the lead supervisory authority in case of the submitted appeal (In role Controller) (In role Processor)
The notification obligation of the lead supervisory authority in case of the rejection of the submitted appeal (In role Controller)
The proceeding of the lead supervisory authority and other supervisory authorities in case of the partial rejection of the submitted appeal (In role Controller) (In role Processor)
Scope of the Board activities and responsibilities (In role Controller) (In role Processor)

Sanctions

Regulation name
Facts and conditions that are influencing the imposition of administrative fines (In role Controller) (In role Processor)
Principles for imposing the maximum administrative fines (In role Controller) (In role Processor)
Provisions concerning the administrative fines – up to 10 000 000,- EUR (In role Certification body) (In role Controller) (In role Processor)
Provisions concerning the administrative fines – up to 10 000 000,- EUR (In role Controller) (In role Processor)
Fines for the non-compliance with an order by the supervisory authority as referred to in Article 58(2) (In role Controller) (In role Processor)

Definitions

Regulation name
Territorial scope for the EU subjects (In role Controller in the EU) (In role Processor in the EU)
Controller (In role Controller)
Processor (In role Processor)
Recipient (In role Recipient)
Third party (In role Third party)
Compliance with a legal obligation (In role Controller)
Performance of a task carried out in the public interest (In role Controller)
Purposes of the legitimate interests pursued by the controller or by a third party (In role Controller) (In role Third party)
Exclusions from the prohibition of processing the special categories of personal data (In role Controller)
Exemptions from application the obligation of the controller to provide information in terms of the Article 14, paragraphs 1 – 4 (In role Controller)
Limitation of the negative implications in context of the other subjects' rights (In role Controller)
Exemptions from the application of Article 17, paragraph 1 and 2 (In role Controller)
Processing the personal data after the right to restriction of processing has been applied (In role Controller) (In role Legal person)
Limitation of the right to obtain the personal data (In role Controller)
Limitation of the negative implications relating to other subjects' rights (In role Controller)
Restrictions in application of the Article 22, paragraph 1 (In role Controller)
Minimum scope of the individual provisions in terms of the Article 23, paragraph 1 of the regulation (In role Controller) (In role Processor)
Legal instruments of the remedies against the controller or processor (Delegated Representative of the Controller) (Delegated Representative of the Processor)
Minimal scope of the contract essentials between the Controller and Processor (In role Controller) (In role Processor)
Basic Standard contract clauses between the Controller and Processor (In role Controller) (In role Processor)
Exemption from the obligations listed in the Article 30, paragraph 1 and 2 (In role Enterprise or an organisation employing fewer than 250 persons)
Assessing the appropriate level of the security account (In role Controller) (In role Processor)
Notification method in context of the Article 34, paragraph 1 of the regulation (In role Controller)
Processing that requires the obligatory DPIA (In role Controller)
Minimal content of the DPIA (In role Controller)
Assessing the impact of the processing performed by such controllers or processors (In role Controller) (In role Processor)
Situations where the DPIA need not to be done (In role Controller)
Supervisory authority consultation relating to social policy and public health policy (In role Controller)
Monitoring the compliance of the codes of conduct (In role Controller) (In role Processor)
Responsibility of the Controller and Processor relating to the certification process (In role Controller) (In role Processor)
Validity of the certificate and it´s prolongation (In role Certification body) (In role Controller) (In role Processor)
Accreditation conditions in relation to the certification subjects (In role Certification body) (In role Controller) (In role Processor)
Implementation criteria of the certification subjects accreditation process (In role Certification body)
Basic conditions for the personal data transfer (In role Controller) (In role Processor)
Possibilities of setting the appropriate safeguards up (In role Controller) (In role Processor)
Priority forms and approaches of the appropriate safeguards based on the Article 46, paragraph 1 (In role Controller) (In role Processor) (In role Recipient)
Minimal essential content of the binding corporate rules (In role Controller) (In role Processor)
Mutual legal assistance between the requesting third country and the Union or a Member State (In role Controller) (In role Processor)
Conditions for the personal data transfer in case of an appropriate safeguards decision absence (In role Controller) (In role Legal person) (In role Processor)
Specifications to the personal data transfer in context of the Article 49, paragraph 1 (In role Persons having a legitimate interest) (In role Recipient)
The lead supervisory authority in context of the cross-border processing (In role Controller) (In role Processor)
Access to documents of the Board (In role Third party)
The local competency of the judicial authorities for submitting the proceeding against the controller or processor (In role Controller) (In role Processor)
Circumstances that are excluding the responsibility of the controller or processor for the damage (In role Controller) (In role Processor)
Restrictions in the exemptions based on the Article 89, paragraph 2 and 3 (In role Controller) (In role Processor)